d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Assorted mdoc(7) fixes.

Browse Source
This commit is contained in:
Ruslan Ermilov 2003-06-01 21:52:59 +00:00
parent d7ea49283c
commit 3cc3bf5282
11 changed files with 312 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
share/man/man4/mac.4
View File

@ -29,7 +29,8 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd JANUARY 8, 2003
.\"
.Dd January 8, 2003
.Os
.Dt MAC 4
.Sh NAME
@ -44,12 +45,13 @@ finely control system security by providing for a loadable security policy
architecture.
It is important to note that due to its nature, MAC security policies may
only restrict access relative to one another and the base system policy;
they cannot override traditional UNIX
they cannot override traditional
.Ux
security provisions such as file permissions and superuser checks.
.Pp
Currently, the following MAC policy modules are shipped with
.Fx :
.Bl -column ".Xr mac_seeotheruids 4" "low-watermark mac policy " ".Em Labeling" "boot only"
.Bl -column ".Xr mac_seeotheruids 4" "low-watermark mac policy" ".Em Labeling" "boot only"
.It Sy Name Ta Sy Description Ta Sy Labeling Ta Sy "Load time"
.It Xr mac_biba 4 Ta "Biba integrity policy" Ta yes Ta boot only
.It Xr mac_bsdextended 4 Ta "File system firewall" Ta no Ta any time
@ -95,10 +97,10 @@ To set the
flag, drop to single-user mode and unmount the file system,
then execute the following command:
.Pp
.Dl "tunefs -l enable" Sy filesystem
.Dl "tunefs -l enable" Ar filesystem
.Pp
where
.Sy filesystem
.Ar filesystem
is either the mount point
(in
.Xr fstab 5 )
@ -113,7 +115,7 @@ policies
.Sx "Runtime Configuration" ) .
Policy enforcement is divided into the following areas of the system:
.Bl -ohang
.It Sy File System
.It Sy "File System"
File system mounts, modifying directories, modifying files, etc.
.It Sy KLD
Loading, unloading, and retrieving statistics on loaded kernel modules
@ -130,38 +132,32 @@ Creation of and operation on
objects
.It Sy Processes
Debugging
(e.g.
(e.g.\&
.Xr ktrace 2 ) ,
process visibility
.Xr ( ps 1 ) ,
.Pq Xr ps 1 ,
process execution
.Xr ( execve 2 ) ,
.Pq Xr execve 2 ,
signalling
.Xr ( kill 2 )
.Pq Xr kill 2
.It Sy Sockets
Creation of and operation on
.Xr socket 2
objects
.It Sy System
Kernel environment
.Xr ( kenv 1 ) ,
.Pq Xr kenv 1 ,
system accounting
.Xr ( acct 2 ) ,
.Pq Xr acct 2 ,
.Xr reboot 2 ,
.Xr settimeofday 2 ,
.Xr swapon 2 ,
.Xr sysctl 3 ,
.Sm off
.Xr nfsd 8 -
related
.Sm on
operations
.Xr nfsd 8 Ns
-related operations
.It Sy VM
.Sm off
.Xr mmap 2 -
ed
.Sm on
files
.Xr mmap 2 Ns
-ed files
.El
.Ss Setting MAC Labels
From the command line, each type of system object has its own means for setting
@ -195,51 +191,50 @@ man page.
The following
.Xr sysctl 8
MIBs are available for fine-tuning the enforcement of MAC policies.
Unless specifically noted, all MIBs default to
.Li 1
Unless specifically noted, all MIBs default to 1
(that is, all areas are enforced by default):
.Bl -tag -width "security.mac.enforce_network"
.Bl -tag -width ".Va security.mac.enforce_network"
.It Va security.mac.enforce_fs
Enforce MAC policies for file system accesses
Enforce MAC policies for file system accesses.
.It Va security.mac.enforce_kld
Enforce MAC policies on
.Xr kld 4
.Xr kld 4 .
.It Va security.mac.enforce_network
Enforce MAC policies on network interfaces
Enforce MAC policies on network interfaces.
.It Va security.mac.enforce_pipe
Enforce MAC policies on pipes
Enforce MAC policies on pipes.
.It Va security.mac.enforce_process
Enforce MAC policies between system processes
(e.g.
(e.g.\&
.Xr ps 1 ,
.Xr ktrace 2 )
.Xr ktrace 2 ) .
.It Va security.mac.enforce_socket
Enforce MAC policies on sockets
Enforce MAC policies on sockets.
.It Va security.mac.enforce_system
Enforce MAC policies on system-related items
(e.g.
(e.g.\&
.Xr kenv 1 ,
.Xr acct 2 ,
.Xr reboot 2 )
.Xr reboot 2 ) .
.It Va security.mac.enforce_vm
Enforce MAC policies on
.Xr mmap 2
and
.Xr mprotect 2
.Xr mprotect 2 .
.\" *** XXX ***
.\" Support for this feature is poor and should not be encouraged.
.\"
.\" .It Va security.mac.mmap_revocation
.\" Revoke
.\" .Xr mmap 2
.\" access to files on subject relabel
.\" access to files on subject relabel.
.\" .It Va security.mac.mmap_revocation_via_cow
.\" Revoke
.\" .Xr mmap 2
.\" access to files via copy-on-write semantics;
.\" mapped regions will still appear writable, but will no longer
.\" effect a change on the underlying vnode
.\" (Default: 0)
.\" effect a change on the underlying vnode.
.\" (Default: 0).
.El
.Sh SEE ALSO
.Xr mac 3 ,
@ -253,36 +248,41 @@ and
.Xr mac_portacl 4 ,
.Xr mac_seeotheruids 4 ,
.Xr mac_test 4 ,
.Xr login.5 ,
.Xr login.conf 5 ,
.Xr maclabel 7 ,
.Xr getfmac 8 ,
.Xr setfmac 8 ,
.Xr getpmac 8 ,
.Xr setfmac 8 ,
.Xr setpmac 8 ,
.Xr mac 9
.Rs
.%B "The FreeBSD Handbook"
.%T "Mandatory Access Control"
.%O http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html
.%O http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mac.html
.Re
.Sh HISTORY
The
.Nm
implementation first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The TrustedBSD MAC Framework is considered experimental in
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of

73
share/man/man4/mac_biba.4
View File

@ -29,25 +29,32 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd NOVEMBER 18, 2002
.\"
.Dd November 18, 2002
.Os
.Dt MAC_BIBA 4
.Sh NAME
.Nm mac_biba
.Nd Biba data integrity policy
.Nd "Biba data integrity policy"
.Sh SYNOPSIS
To compile Biba into your kernel, place the following lines in your kernel
configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_BIBA"
.Ed
.Pp
Alternately, to load the Biba module at boot time, place the following line
in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Ed
.Pp
and in
.Xr loader.conf 5 :
.Cd mac_biba_load= Ns \&"YES"
.Bd -literal -offset indent
mac_biba_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
@ -66,28 +73,30 @@ components, numbered from 0 to 255.
A complete label consists of both hierarchal and non-hierarchal elements.
.Pp
Three special label values exist:
.Bl -column -offset indent "biba/equal" "lower than all other labels"
.Bl -column -offset indent ".Li biba/equal" "lower than all other labels"
.It Sy Label Ta Sy Comparison
.It Li biba/low Ta lower than all other labels
.It Li biba/equal Ta equal to all other labels
.It Li biba/high Ta higher than all other labels
.It Li biba/low Ta "lower than all other labels"
.It Li biba/equal Ta "equal to all other labels"
.It Li biba/high Ta "higher than all other labels"
.El
.Pp
The
.Dq biba/high
.Dq Li biba/high
label is assigned to system objects which affect the integrity of the system
as a whole.
.Dq biba/equal
The
.Dq Li biba/equal
label
may be used to indicate that a particular subject or object is exempt from
the Biba protections.
These special label values are not specified as containing any compartments,
although in a label comparison,
.Dq biba/high
.Dq Li biba/high
appears to contain all compartments,
.Dq biba/equal
.Dq Li biba/equal
the same compartments as the other label to which it is being compared,
and
.Dq biba/low
.Dq Li biba/low
none.
.Pp
In general, Biba access control takes the following model:
@ -137,7 +146,9 @@ reflecting the integrity of the object, or integrity of the data contained
in the object.
In general, objects labels are represented in the following form:
.Pp
.Dl biba/grade:compartments
.Sm off
.D1 Li biba / Ar grade : compartments
.Sm on
.Pp
For example:
.Pp
@ -154,8 +165,10 @@ greater or equal integrity to the low end of the range, and lesser or equal
integrity to the high end of the range.
In general, subject labels are represented in the following form:
.Pp
.Dl biba/singlegrade:singlecompartments(lograde:locompartments-
.Dl higrade:hicompartments)
.Sm off
.D1 Li biba / Ar singlegrade : singlecompartments ( lograde : locompartments -
.D1 Ar higrade : hicompartments )
.Sm on
.Pp
For example:
.Bd -literal -offset indent
@ -166,7 +179,7 @@ biba/high(low-high)
Valid ranged labels must meet the following requirement regarding their
elements:
.Pp
.Dl rangehigh >= single >= rangelow
.D1 Ar rangehigh No \[>=] Ar single No \[>=] Ar rangelow
.Pp
One class of objects with ranges currently exists, the network interface.
In the case of the network interface, the single label element references the
@ -177,23 +190,20 @@ the interface.
The following
.Xr sysctl 8
MIBs are available for fine-tuning the enforcement of this MAC policy.
.Bl -tag -width 'security.mac.biba.ptys_equal'
.Bl -tag -width ".Va security.mac.biba.ptys_equal"
.It Va security.mac.biba.enabled
Enables enforcement of the Biba integrity policy
(Default: 1)
Enables enforcement of the Biba integrity policy.
(Default: 1).
.It Va security.mac.biba.ptys_equal
Label
.Sm off
.Xr pty 4
s
.Sm on
.Xr pty 4 Ns s
as
.Dq biba/equal
upon creation
(Default: 0)
.Dq Li biba/equal
upon creation.
(Default: 0).
.It Va security.mac.biba.revocation_enabled
Revoke access to objects if the label is changed to dominate the subject
(Default: 0)
Revoke access to objects if the label is changed to dominate the subject.
(Default: 0).
.El
.Sh SEE ALSO
.Xr lomac 4 ,
@ -214,11 +224,14 @@ The
.Nm
policy module first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

20
share/man/man4/mac_bsdextended.4
View File

@ -29,25 +29,32 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd OCTOBER 16, 2002
.\"
.Dd October 16, 2002
.Os
.Dt MAC_BSDEXTENDED 4
.Sh NAME
.Nm mac_bsdextended
.Nd file system firewall policy
.Nd "file system firewall policy"
.Sh SYNOPSIS
To compile the file system firewall policy into your kernel,
place the following lines in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_BSDEXTENDED"
.Ed
.Pp
Alternately, to load the file system firewall policy module at boot time,
place the following line in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Ed
.Pp
and in
.Xr loader.conf 5 :
.Cd mac_bsdextended_load= Ns \&"YES"
.Bd -literal -offset indent
mac_bsdextended_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
@ -91,10 +98,13 @@ The
.Nm
policy module first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by NAI Labs, the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

41
share/man/man4/mac_ifoff.4
View File

@ -29,26 +29,33 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd DECEMBER 10, 2002
.\"
.Dd December 10, 2002
.Os
.Dt MAC_IFOFF 4
.Sh NAME
.Nm mac_ifoff
.Nd interface silencing policy
.Nd "interface silencing policy"
.Sh SYNOPSIS
To compile the interface silencing policy into your kernel,
place the following lines in your kernel
configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_IFOFF"
.Ed
.Pp
Alternately, to load the interface silencing policy module at boot time,
place the following line in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Ed
.Pp
and in
.Xr loader.conf 5 :
.Cd mac_ifoff_load= Ns \&"YES"
.Bd -literal -offset indent
mac_ifoff_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
@ -59,25 +66,19 @@ via the
interface.
.Pp
To disable network traffic over the loopback
.Xr ( lo 4 )
.Pq Xr lo 4
interface, set the
.Xr sysctl 8
OID
.Va security.mac.ifoff.lo_enabled
to
.Li 0
(default
.Li 1 ) .
to 0 (default 1).
.Pp
To enable network traffic over other interfaces,
set the
.Xr sysctl 8
OID
.Va security.mac.ifoff.other_enabled
to
.Li 1
(default
.Li 0 ) .
to 1 (default 0).
.Pp
To allow BPF traffic to be received,
even while other traffic is disabled,
@ -85,10 +86,7 @@ set the
.Xr sysctl 8
OID
.Va security.mac.ifoff.bpfrecv_enabled
to
.Li 1
(default
.Li 0 ) .
to 1 (default 0).
.Ss Label Format
No labels are defined.
.Sh SEE ALSO
@ -108,19 +106,24 @@ The
.Nm
policy module first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The TrustedBSD MAC Framework is considered experimental in
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of

61
share/man/man4/mac_lomac.4
View File

@ -29,25 +29,32 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd December 11, 2002
.Os
.Dt MAC_LOMAC 4
.Sh NAME
.Nm mac_lomac
.Nd Low-watermark Mandatory Access Control data integrity policy
.Nd "Low-watermark Mandatory Access Control data integrity policy"
.Sh SYNOPSIS
To compile LOMAC into your kernel, place the following lines in your kernel
configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_LOMAC"
.Ed
.Pp
Alternately, to load the LOMAC module at boot time, place the following line
in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Ed
.Pp
and in
.Xr loader.conf 5 :
.Cd mac_lomac_load= Ns \&"YES"
.Bd -literal -offset indent
mac_lomac_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
@ -68,33 +75,37 @@ with higher values reflecting higher integrity.
Three special label component values exist:
.Bl -column -offset indent ".Sy Label" "dominated by all other labels"
.It Sy Label Ta Sy Comparison
.It Li low Ta dominated by all other labels
.It Li equal Ta equal to all other labels
.It Li high Ta dominates all other labels
.It Li low Ta "dominated by all other labels"
.It Li equal Ta "equal to all other labels"
.It Li high Ta "dominates all other labels"
.El
.Pp
The
.Dq high
.Dq Li high
label is assigned to system objects which affect the integrity of the system
as a whole.
.Dq equal
The
.Dq Li equal
label
may be used to indicate that a particular subject or object is exempt from
the LOMAC protections.
For example, a label of
.Dq lomac/equal(equal-equal)
.Dq Li lomac/equal(equal-equal)
might be used on a subject which is to be used to administratively relabel
anything on the system.
.Pp
Almost all system objects are tagged with a single, active label element,
reflecting the integrity of the object, or integrity of the data contained
in the object.
Filesystem objects may contain an additional auxiliary label which
File system objects may contain an additional auxiliary label which
determines the inherited integrity level for new files created in a
directory or the alternate label assumed by the subject upon execution of
an executable.
In general, objects labels are represented in the following form:
.Pp
.Dl lomac/ Ns Sy grade Ns [ Sy auxgrade ]
.Sm off
.D1 Li lomac / Ar grade Bq Ar auxgrade
.Sm on
.Pp
For example:
.Pp
@ -111,21 +122,29 @@ greater or equal integrity to the low end of the range, and lesser or equal
integrity to the high end of the range.
In general, subject labels are represented in the following form:
.Pp
.Dl lomac/ Ns Sy singlegrade Ns ( Sy lograde Ns - Ns Sy higrade )
.Sm off
.D1 Li lomac / Ar singlegrade ( lograde No - Ar higrade )
.Sm on
.Pp
Modification of objects is restricted to access via the following comparison:
.Pp
.Dl subject::higrade >= target-object::grade
.D1 Ar subject Ns :: Ns Ar higrade No \[>=] Ar target-object Ns :: Ns Ar grade
.Pp
Modification of subjects is the same, as the target subject's single grade
is the only element taken into comparison.
.Pp
Demotion of a subject occurs when the following comparison is true:
.Pp
.Dl subject::singlegrade > object::grade
.D1 Ar subject Ns :: Ns Ar singlegrade No > Ar object Ns :: Ns Ar grade
.Pp
When demotion occurs, the subject's singlegrade and higrade are reduced to the
object's grade, as well as the lograde if necessary.
When demotion occurs, the subject's
.Ar singlegrade
and
.Ar higrade
are reduced to the
object's grade, as well as the
.Ar lograde
if necessary.
When the demotion occurs, in addition to the permission of the subject being
reduced, shared
.Xr mmap 2
@ -133,7 +152,8 @@ objects which it has opened in its memory space may be revoked according to
the following
.Xr sysctl 2
variables:
.Bl -bullet
.Pp
.Bl -bullet -compact
.It
.Va security.mac.lomac.revocation_enabled
.It
@ -146,7 +166,7 @@ variables:
.Pp
Upon execution of a file, if the executable has an auxiliary label, and that
label is within the current range of
.Sy lograde-higrade ,
.Ar lograde Ns - Ns Ar higrade ,
it will be assumed by the subject immediately.
After this, demotion is performed just as with any other read operation, with
the executable as the target.
@ -188,11 +208,14 @@ The
.Nm
policy module first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

76
share/man/man4/mac_mls.4
View File

@ -29,25 +29,32 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd DECEMBER 1, 2002
.\"
.Dd December 1, 2002
.Os
.Dt MAC_MLS 4
.Sh NAME
.Nm mac_mls
.Nd Multi-Level Security confidentiality policy
.Nd "Multi-Level Security confidentiality policy"
.Sh SYNOPSIS
To compile MLS into your kernel, place the following lines in your kernel
configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_MLS"
.Ed
.Pp
Alternately, to load the MLS module at boot time, place the following line
in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Ed
.Pp
and in
.Xr loader.conf 5 :
.Cd mac_mls_load= Ns \&"YES"
.Bd -literal -offset indent
mac_mls_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
@ -74,26 +81,26 @@ With normal labels, dominance is defined as a label having a higher
or equal active sensitivity level, and having at least
all of the same compartments as the label to which it is being compared.
With respect to label comparisons,
.Dq lower
.Dq Li lower
is defined as being dominated by the label to which it is being compared,
and
.Dq higher
.Dq Li higher
is defined as dominating the label to which it is being compared,
and
.Dq equal
.Dq Li equal
is defined as both labels being able to satisfy the dominance requirements
over one another.
.Pp
Three special label values exist:
.Bl -column -offset indent "mls/equal" "dominated by all other labels"
.Bl -column -offset indent ".Li mls/equal" "dominated by all other labels"
.It Sy Label Ta Sy Comparison
.It Li mls/low Ta dominated by all other labels
.It Li mls/equal Ta equal to all other labels
.It Li mls/high Ta dominates all other labels
.It Li mls/low Ta "dominated by all other labels"
.It Li mls/equal Ta "equal to all other labels"
.It Li mls/high Ta "dominates all other labels"
.El
.Pp
The
.Dq mls/equal
.Dq Li mls/equal
label may be applied to subjects and objects for which no enforcement of the
MLS security policy is desired.
.Pp
@ -132,10 +139,11 @@ reflecting the classification of the object, or classification of the data
contained in the object.
In general, object labels are represented in the following form:
.Pp
.Dl mls/grade:compartments
.Sm off
.D1 Li mls / Ar grade : compartments
.Sm on
.Pp
For example:
.Pp
.Bd -literal -offset indent
mls/10:2+3+6
mls/low
@ -149,8 +157,10 @@ greater or equal integrity to the low end of the range, and lesser or equal
integrity to the high end of the range.
In general, subject labels are represented in the following form:
.Pp
.Dl mls/singlegrade:singlecompartments(lograde:locompartments-
.Dl higrade:hicompartments)
.Sm off
.D1 Li mls / Ar singlegrade : singlecompartments ( lograde : locompartments No -
.D1 Ar higrade : hicompartments )
.Sm on
.Pp
For example:
.Bd -literal -offset indent
@ -161,7 +171,7 @@ mls/high(low-high)
Valid ranged labels must meet the following requirement regarding their
elements:
.Pp
.Dl rangehigh >= single >= rangelow
.D1 Ar rangehigh No \[>=] Ar single No \[>=] Ar rangelow
.Pp
One class of objects with ranges currently exists, the network interface.
In the case of the network interface, the single label element references
@ -172,30 +182,27 @@ the interface.
The following
.Xr sysctl 8
MIBs are available for fine-tuning the enforcement of this MAC policy.
.Bl -tag -width security.mac.mls.enabled
.Bl -tag -width ".Va security.mac.mls.ptys_equal"
.It Va security.mac.mls.enabled
Enables the enforcement of the MLS confidentiality policy
(Default: 1)
Enables the enforcement of the MLS confidentiality policy.
(Default: 1).
.It Va security.mac.mls.ptys_equal
Label
.Sm off
.Xr pty 4
s
.Sm on
.Xr pty 4 Ns s
as
.Dq mls/equal
upon creation
(Default: 0)
.Dq Li mls/equal
upon creation.
(Default: 0).
.It Va security.mac.mls.revocation_enabled
Revoke access to objects if the label is changed to a more sensitive
level than the subject
(Default: 0)
level than the subject.
(Default: 0).
.El
.Sh IMPLEMENTATION NOTES
Currently, the
.Nm
policy relies on superuser status
.Xr ( suser 9 )
.Pq Xr suser 9
in order to change network interface MLS labels.
This will eventually go away, but it is currently a liability and may
allow the superuser to bypass MLS protections.
@ -218,19 +225,24 @@ The
.Nm
policy module first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Laboratories,
the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The TrustedBSD MAC Framework is considered experimental in
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of

24
share/man/man4/mac_none.4
View File

@ -29,26 +29,33 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd DECEMBER 1, 2002
.\"
.Dd December 1, 2002
.Os
.Dt MAC_NONE 4
.Sh NAME
.Nm mac_none
.Nd sample MAC policy module
.Nd "sample MAC policy module"
.Sh SYNOPSIS
To compile the sample policy
into your kernel, place the following lines in your kernel
configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_NONE"
.Ed
.Pp
Alternately, to load the sample module at boot time, place the following line
in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Ed
.Pp
and in
.Xr loader.conf 5 :
.Cd mac_none_load= Ns \&"YES"
.Bd -literal -offset indent
mac_none_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
@ -76,19 +83,24 @@ The
.Nm
policy module first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The TrustedBSD MAC Framework is considered experimental in
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of

37
share/man/man4/mac_partition.4
View File

@ -29,32 +29,39 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd DECEMBER 9, 2002
.\"
.Dd December 9, 2002
.Os
.Dt MAC_PARTITION 4
.Sh NAME
.Nm mac_partition
.Nd process partition policy
.Nd "process partition policy"
.Sh SYNOPSIS
To compile the process partition policy into your kernel,
place the following lines in your kernel
configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_PARTITION"
.Ed
.Pp
Alternately, to load the process partition module at boot time,
place the following line in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Ed
.Pp
and in
.Xr loader.conf 5 :
.Cd mac_partition_load= Ns \&"YES"
.Bd -literal -offset indent
mac_partition_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
policy module implements a process partition policy,
which allows administrators to place running processes into
.Dq partitions,
.Dq partitions ,
based on their numeric process partition
(specified in the process's MAC label).
Processes with a specified partition can only see processes that are in the
@ -62,18 +69,19 @@ same partition.
If no partition is specified for a process, it can see all other processes
in the system
(subject to other MAC policy restrictions not defined in this man page).
No provisions for placing processes into multiple partitions is available.
No provisions for placing processes into multiple partitions are available.
.Ss Label Format
Partition labels take on the following format:
.Pp
.Dl partition/ Ns Sy value
.Sm off
.Dl Li partition / Ar value
.Sm on
.Pp
Where
.Sy value
.Ar value
can be any integer value or
.Dq none .
.Dq Li none .
For example:
.Pp
.Bd -literal -offset indent
partition/1
partition/20
@ -98,19 +106,24 @@ The
.Nm
policy module first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The TrustedBSD MAC Framework is considered experimental in
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of

40
share/man/man4/mac_seeotheruids.4
View File

@ -29,26 +29,33 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd DECEMBER 8, 2002
.\"
.Dd December 8, 2002
.Os
.Dt MAC_SEEOTHERUIDS 4
.Sh NAME
.Nm mac_seeotheruids
.Nd simple policy controlling whether users see other users
.Nd "simple policy controlling whether users see other users"
.Sh SYNOPSIS
To compile the mac_seeotheruids
To compile the
policy into your kernel, place the following lines in your kernel
configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_SEEOTHERUIDS"
.Ed
.Pp
Alternately, to load the module at boot time, place the following line
in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Ed
.Pp
and in
.Xr loader.conf.5 :
.Cd mac_seeotheruids_load= Ns \&"YES"
.Bd -literal -offset indent
mac_seeotheruids_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
@ -59,23 +66,19 @@ To enable
.Nm ,
set the sysctl OID
.Va security.mac.seeotheruids.enabled
to
.Li 1 .
to 1.
.Pp
To allow users to see processes and sockets owned by the same primary group,
set the sysctl OID
.Va security.mac.seeotheruids.primarygroup_enabled
to
.Li 1 .
to 1.
.Pp
To allow processes with a specific group ID to be exempt from the policy,
set the sysctl OID
.Va security.mac.seeotheruids.specificgid_enabled
to
.Li 1 ,
and
to 1, and
.Va security.mac.seeotheruids.specificgid
to the gid to be exempted.
to the group ID to be exempted.
.Ss Label Format
No labels are defined for
.Nm .
@ -86,9 +89,9 @@ No labels are defined for
.Xr mac_ifoff 4 ,
.Xr mac_lomac 4 ,
.Xr mac_mls 4 ,
.Xr mac_none 4 ,
.Xr mac_partition 4 ,
.Xr mac_portacl 4 ,
.Xr mac_none 4 ,
.Xr mac_test 4 ,
.Xr mac 9
.Sh HISTORY
@ -96,19 +99,24 @@ The
.Nm
policy module first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The TrustedBSD MAC Framework is considered experimental in
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of

24
share/man/man4/mac_stub.4
View File

@ -29,26 +29,33 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd DECEMBER 1, 2002
.\"
.Dd December 1, 2002
.Os
.Dt MAC_NONE 4
.Sh NAME
.Nm mac_none
.Nd sample MAC policy module
.Nd "sample MAC policy module"
.Sh SYNOPSIS
To compile the sample policy
into your kernel, place the following lines in your kernel
configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_NONE"
.Ed
.Pp
Alternately, to load the sample module at boot time, place the following line
in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Ed
.Pp
and in
.Xr loader.conf 5 :
.Cd mac_none_load= Ns \&"YES"
.Bd -literal -offset indent
mac_none_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
@ -76,19 +83,24 @@ The
.Nm
policy module first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The TrustedBSD MAC Framework is considered experimental in
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of

22
share/man/man4/mac_test.4
View File

@ -29,7 +29,8 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd DECEMBER 1, 2002
.\"
.Dd December 1, 2002
.Os
.Dt MAC_TEST 4
.Sh NAME
@ -39,16 +40,22 @@
To compile the testing policy
into your kernel, place the following lines in your kernel
configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_TEST"
.Ed
.Pp
Alternately, to load the testing module at boot time, place the following line
in your kernel configuration file:
.Bd -ragged -offset indent
.Cd "options MAC"
.Ed
.Pp
and in
.Xr loader.conf.5 :
.Cd mac_test_load= Ns \&"YES"
.Bd -literal -offset indent
mac_test_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
@ -82,19 +89,24 @@ The
.Nm
policy module first appeared in
.Fx 5.0
and was developed by the TrustedBSD Project.
and was developed by the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The TrustedBSD MAC Framework is considered experimental in
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of